Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 39 Configuring Correlation Policies and Rules
  Creating Correlation Policies
Step 1
Select Policies > Correlation, then click Groups.
The Groups page appears.
Step 2
Next to the response group you want to activate or deactivate, click the slider.
If the group was activated, it is deactivated. If it was deactivated, it is activated.
Creating Correlation Policies
License: Any
After you create correlation rules or compliance white lists (or both), and, optionally, alert responses and 
remediations, you can use them to build correlation policies.
When your network traffic meets the criteria specified in a correlation rule or white list in an active 
policy, the Defense Center generates either a correlation event or white list event. It also launches any 
responses you assigned to the rule or white list. You can map each rule or white list to a single response 
or to a group of responses. If the network traffic triggers multiple rules or white lists, the Defense Center 
launches all the responses associated with each rule and white list.
For more information on creating the correlation rules, compliance white lists, and responses you can 
use to build a correlation policy, see the following sections:
  •
  •
  •
  •
Tip
Optionally, create a skeleton policy and modify it later to add rules and responses.
To create a correlation policy:
Access: Admin/Discovery Admin
Step 1
Select Policies > Correlation.
The Policy Management page appears.
Step 2
Click Create Policy.
The Create Policy page appears.
Step 3
Provide basic policy information, such as the name and description.
See 
Step 4
Add one or more rules or white lists to the correlation policy.
See 
.
Step 5
Optionally, set rule and white list priorities.
See 
Step 6
Optionally, add responses to the rules or white lists you added.